Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29937 | 1 Usu | 1 Oracle Optimization | 2022-05-11 | 9.0 HIGH | 8.8 HIGH |
| USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | |||||
| CVE-2021-42165 | 1 Mitrastar | 2 Gpt-2541gnac-n1, Gpt-2541gnac-n1 Firmware | 2022-05-11 | 9.0 HIGH | 8.8 HIGH |
| MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | |||||
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2022-05-06 | 9.0 HIGH | 8.8 HIGH |
| In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | |||||
| CVE-2022-1440 | 1 Git-interface Project | 1 Git-interface | 2022-05-04 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. | |||||
| CVE-2021-30231 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter. | |||||
| CVE-2020-25755 | 1 Enphase | 2 Envoy, Envoy Firmware | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. | |||||
| CVE-2021-30230 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | |||||
| CVE-2021-31698 | 1 Quectel | 2 Eg25-g, Eg25-g Firmware | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | |||||
| CVE-2021-30234 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. | |||||
| CVE-2021-35062 | 1 Testzentrum-odw | 1 Testerfassung | 2022-05-03 | 9.3 HIGH | 8.1 HIGH |
| A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server. | |||||
| CVE-2020-36379 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
| CVE-2021-43266 | 1 Mahara | 1 Mahara | 2022-05-03 | 4.6 MEDIUM | 7.3 HIGH |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution | |||||
| CVE-2021-30228 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. | |||||
| CVE-2021-30229 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. | |||||
| CVE-2020-21935 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. | |||||
| CVE-2020-36381 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
| CVE-2021-30233 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. | |||||
| CVE-2020-36380 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
| CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
| CVE-2020-26707 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter. | |||||